US10103875B1ActiveUtility
Authentication through a secret holding proxy
Est. expiryDec 20, 2031(~5.4 yrs left)· nominal 20-yr term from priority
H04L 9/065H04L 9/3247H04L 63/123H04L 2209/76H04L 63/126
96
PatentIndex Score
33
Cited by
23
References
6
Claims
Abstract
Client requests may be directed through a secret holding proxy system such that the secret holding proxy system may insert a secret into a client request before arriving at the destination. The insertion of a secret may include inserting a digital signature, token or other information that includes a secret or information based upon a secret, which may include secret exchange or authentication protocols. The secret holding proxy system may also remove secrets and/or transform incoming messages such that the client may transparently receive the underlying content of the message.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A computer-implemented method for providing authentication services, comprising: under the control of one or more computer systems configured with executable instructions, receiving, by a signing service, a signed message having instructions from a client, the signed message addressed to a resource; determining whether to send the instructions to the resource based at least in part on a policy, the policy based at least in part on the outcomes of operations that include: verifying the signed message is signed with the interim credential; and determining whether the client has permission to access the resource; signing the instructions using a recognized credential when the client has permission and the message is signed with the interim credential, the recognized credential being unshared with the client and inaccessible to the client and valid for use to access the resource; and sending the instructions signed with the recognized credential to the resource when the instructions have been signed with the recognized credential.
2. The computer-implemented method of claim 1 , wherein the client and the signing service are connected by a trusted network, the trusted network segregated from other networks such that communications between the client and signing service have assurance that the communications are not altered.
3. The computer-implemented method of claim 2 , wherein the resource is outside of the trusted network.
4. The computer-implemented method of claim 3 , wherein the instructions are sent from the signing service to the resource over a secure connection.
5. The computer-implemented method of claim 1 , further comprising removing a signature from the signed message, the signature having used the interim credential.
6. The computer-implemented method of claim 1 , wherein the policy further includes the operation of determining whether a client has paid for the signing service.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.